【发布时间】:2019-08-22 07:23:02
【问题描述】:
我正在学习Spring Security,这是我的configure类,很简单:
@Configuration
@EnableWebSecurity
public class Config extends WebSecurityConfigurerAdapter {
@Autowired
MyUserDetailsService myUserDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/")
.permitAll()
.antMatchers("/users")
.hasRole("isAdmin")
.antMatchers("/articles")
.hasRole("isUser")
.and()
.formLogin()
.permitAll();
}
}
import org.springframework.security.core.userdetails.User;
@Service
public class MyUserDetailsService implements UserDetailsService {
@Autowired
UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
List<SimpleGrantedAuthority> simpleGrantedAuthorities = new ArrayList<>();
simpleGrantedAuthorities.add(new SimpleGrantedAuthority("isUser"));
return new User(username, "{noop}123456", simpleGrantedAuthorities);
}
}
根据这个配置,我允许任何人使用任何用户名和特定密码123456 登录,并且我为每个用户分配isUser 角色。
我希望任何人都可以使用任何用户名登录并获得访问/articles的许可。
但不幸的是,当我尝试登录时,是的,登录成功,但无法访问/articles。
找不到原因,我想已经给用户权限了,怎么了?
【问题讨论】:
标签: spring-security